Hi, I didn't finish to test the environment, but my approach was the following:
3 Servers with Galera Cluster for MariaDB and 2 of these servers with Guacamole Client + Guacamole Server. *Manel Molina* *manuel.molina-de-la-igle...@veolia.com <manuel.molina-de-la-igle...@veolia.com>* *Dirección de Ciberseguridad* Ciutat de L’Aigua (D38) Paseo de la Zona Franca, 48 08038 Barcelona / España www.veolia.com <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect2.fireeye.com%2Fv1%2Furl%3Fk%3D31323334-501d5122-31356fd6-454445555731-a8425f343e5c4fad%26q%3D1%26e%3D30530535-2971-48a4-8441-12c02ea4dc09%26u%3Dhttps%253A%252F%252Feur01.safelinks.protection.outlook.com%252F%253Furl%253Dhttp%25253A%25252F%25252Fwww.veolia.com%25252F%2526data%253D05%25257C01%25257Csergi.carmona%252540agbar.es%25257C4c93dad3808642dd7ec308da3ccb99ab%25257Cf4a12867922d4b9dbb859ee7898512a0%25257C0%25257C0%25257C637889142388029142%25257CUnknown%25257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%25253D%25257C3000%25257C%25257C%25257C%2526sdata%253DJJM7r2MgHUaiuJD%25252Bk2xlr3opNEFsJkp%25252Byh2MJq0XRS0%25253D%2526reserved%253D0&data=05%7C01%7Coriol.val%40agbar.es%7C8a3587bd93134628cf9908da4d2baf8e%7Cf4a12867922d4b9dbb859ee7898512a0%7C0%7C0%7C637907147446774859%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5Vjff2WWXgkB77AldZ5g116HPKmbRv1h5PRjQjH9k0o%3D&reserved=0> El mié, 31 jul 2024 a las 8:14, Ivanmarcus (<ivanmar...@yahoo.com.invalid>) escribió: > This isn't perhaps exactly what you're looking for, however it may > contain some useful information?: > > https://lists.apache.org/thread/mt313c64nmfwnzhl61g0brwm8g9gq3z9 > > > On 31/07/24 17:35, M Anon wrote: > > Hi, > > > > Tried searching in the archives for "redundancy", "failover" and "high > > availability" but got no hit. > > > > What we'd like to achieve is to have 2 servers but at any time we can > > take one offline (for patching / maintenance, etc). We are OK with users > > being disconnected and having to reconnect to the other server but what > > we don't want is to have to configure each user on both servers' > database. > > > > We authenticate users via LDAP and we know that we can store connection > > info in AD by modifying the schema but we'd rather avoid touching the > > schema. Can we utilize the ability of database authentication where > > users are auto-provisioned in the database if successfully authenticated > > by LDAP? How do we specify different groups of connections for each user > > if they are auto provisioned e.g.: > > > > Group A - IT has access to all servers via RDP and SSH > > Group B - student group 1 has access only to APPSERVER1 via RDP > > Group C - student group 2 has access to APPSERVER1 and APPSERVER2 via RDP > > Group D - contractor 1 has access to only APPSERVER1 via SSH > > > > and so on ... > > > > Any tips are appreciated ... > > > > PS: not sure it will matter (I don't think so) but we do have a HTTP/S > > balancer that will sit in front of the 2 Guac servers > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org > For additional commands, e-mail: user-h...@guacamole.apache.org > >
